One of the first studies of computer security and privacy was the RISOS (Research Into Secure Operating Systems) project [in 1976]. RISOS proposed and described seven categories of operating system security defects...:

Incomplete Parameter Validation

Inconsistent Parameter Validation

Implicit Sharing of Privileges / Confidential Data

Asynchronous Validation / Inadequate Serialization

Inadequate Identification / Authentication / Authorization

Violable Prohibition / Limit

Exploitable Logic Error

The study shows that there are a small number of fundamental defects that recur in different contexts.

Heh. You could say that, yes. Here we are, 40 years later, dealing (or more often, failing to deal) with exactly the same problems. How long were people starting cars with hand cranks, ten years? Fifteen?